Security implications of tty group?
Hello, security experts.

In #349578 it is claimed that the mesg program should not warn if a tty device node fails to belong to group tty. What are the security implications of a tty device node failing to belong to group tty?

Please CC: me as I am not subscribed to this list.

-- 
Thomas Hood

-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Security implications of tty group?
* Thomas Hood:

> Hello, security experts. In #349578 it is claimed that the mesg program should not warn if a tty device node fails to belong to group tty. What are the security implications of a tty device node failing to belong to group tty?

mesg y does not have the desired effect because write programs which are SGID tty (such as /usr/bin/bsd-write) cannot write to the TTY even if the permissions are relaxed to 620. In other words, the warning makes perfect sense.
Re: Security implications of tty group?
* Thomas Hood:

> Florian Weimer wrote:
>> In other words, the warning makes perfect sense.
>
> Would it also be secure if (as the submitter of #349578 writes):
>
>> This hasn't got to do much with security. The tty is /dev/pts/* and is always owned and group-owned by me.
>
> ? That is, should the warning be suppressed in that case?

Uhm, sorry, obviously, you did not understand what I wrote, but I have trouble phrasing it in a better way. Here's another attempt:

If the TTY is owned and group-owned by the user, the modes 0600 and 0620 are equivalent (assuming per-user groups). In order to enable messages from other users, mesg y simply sets the file mode to 0620. However, if a per-user group is used (and not group tty), this does not have the desired effect because programs which are SGID tty (such as /usr/bin/bsd-write) still cannot access that TTY.

This means that the warning is factually correct. It makes perfect sense because the mesg y failed to do what was explicitly requested.
Re: Security implications of tty group?
Thomas Hood [EMAIL PROTECTED] wrote:

> What are the security implications of a tty device node failing to belong to group tty?

It depends on who has access to that group, what the permissions of the tty are and what is intended. Generally you want to restrict write access to a tty to a trusted person, because otherwise she can use escape sequences to cause all kinds of problems (reprogramming the keyboard, playing ASCII movies, reading the screen). write(1) can filter messages, and it enforces the cleanness. Therefore it uses SGID tty. So if a user says mesg yes she actually wants to allow write access and not raw access. That's why a warning is a good thing.

Regards
Bernd
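The permission arithmetic behind Florian's and Bernd's replies, as an added illustration that is not code from mesg(1), bsd-write or the Debian bug report: it models the ordinary POSIX owner/group/other write check, applies the "mesg y adds group-write" step, and compares a tty node in group tty against one in a per-user group. The uids, gids and usernames are constructed sample values; `check_live_tty` is an extra helper that runs the same comparison against a real device node via `os.stat` and `grp`.

```python
"""Why `mesg y` only works when the tty node belongs to group tty.

Added illustration (not mesg's or bsd-write's own code). All ids below are
constructed sample values, not taken from any real system.
"""
import grp
import os
import stat
from dataclasses import dataclass

TTY_GROUP_NAME = "tty"
TTY_GID = 5          # constructed: gid of group "tty" in this example


@dataclass(frozen=True)
class Node:
    uid: int
    gid: int
    mode: int        # permission bits only, e.g. 0o620


@dataclass(frozen=True)
class Process:
    euid: int
    egid: int
    groups: frozenset   # supplementary gids


def may_write(node: Node, proc: Process) -> bool:
    """Classic discretionary check: owner bits if the euid matches,
    else group bits if any of the process's gids match, else other bits."""
    if proc.euid == 0:
        return True
    if proc.euid == node.uid:
        return bool(node.mode & stat.S_IWUSR)
    if proc.egid == node.gid or node.gid in proc.groups:
        return bool(node.mode & stat.S_IWGRP)
    return bool(node.mode & stat.S_IWOTH)


def mesg_y(node: Node) -> Node:
    """What the thread says mesg y does: turn the group-write bit on (0600 -> 0620)."""
    return Node(node.uid, node.gid, node.mode | stat.S_IWGRP)


def mesg_should_warn(node: Node, tty_gid: int = TTY_GID) -> bool:
    """The condition under discussion: the node is not in group tty."""
    return node.gid != tty_gid


def effect_of_mesg_y(node_gid: int) -> dict:
    """Run `mesg y` on alice's tty (uid 1000) whose group is `node_gid`, then ask
    whether another user (bob, uid 1001) can write to it directly and via an
    SGID-tty program such as bsd-write (same euid, but egid = tty)."""
    bob_raw = Process(euid=1001, egid=1001, groups=frozenset({1001}))
    bob_via_sgid_tty = Process(euid=1001, egid=TTY_GID, groups=frozenset({1001}))
    node = mesg_y(Node(uid=1000, gid=node_gid, mode=0o600))
    return {
        "warn": mesg_should_warn(node),
        "raw_write_by_other_user": may_write(node, bob_raw),
        "sgid_tty_write_by_other_user": may_write(node, bob_via_sgid_tty),
    }


def check_live_tty(path: str):
    """Same comparison on a real device node; None if the system has no group
    `tty` or the path cannot be stat'ed."""
    try:
        tty_gid = grp.getgrnam(TTY_GROUP_NAME).gr_gid
        st = os.stat(path)
    except (KeyError, OSError):
        return None
    node = Node(st.st_uid, st.st_gid, stat.S_IMODE(st.st_mode))
    return {
        "group_is_tty": not mesg_should_warn(node, tty_gid),
        "group_writable": bool(node.mode & stat.S_IWGRP),
    }


if __name__ == "__main__":
    print("group tty      :", effect_of_mesg_y(TTY_GID))
    print("per-user group :", effect_of_mesg_y(1000))
    if os.isatty(0):
        print("this terminal  :", check_live_tty(os.ttyname(0)))
```

With group tty, `mesg y` lets bob reach the tty only through the SGID-tty writer (raw writes are still refused, which is Bernd's point about filtering escape sequences); with a per-user group the mode changes to 0620 but neither path opens, which is exactly the situation the warning reports.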